Operating Systems

Google's Chrome OS Flex is Now Available for Old PCs and Macs (theverge.com) 60

Google is releasing Chrome OS Flex today, a new version of Chrome OS that's designed for businesses and schools to install and run on old PCs and Macs. From a report: Google first started testing Chrome OS Flex earlier this year in an early access preview, and the company has now resolved 600 bugs to roll out Flex to businesses and schools today. Chrome OS Flex is designed primarily for businesses running old Windows PCs, as Google has been testing and verifying devices from Acer, Asus, Dell, HP, Lenovo, LG, Toshiba, and many more OEMs. Flex will even run on some old Macs, including some 10-year-old MacBooks. The support of old hardware is the big selling point of Chrome OS Flex, as businesses don't have to ditch existing hardware to get the latest modern operating system. More than 400 devices are certified to work, and installation is as easy as using a USB drive to install Chrome OS Flex.
Microsoft

Microsoft Office Tries Tempting with a $39.99 'Lifetime License' (popsci.com) 164

From the world of proprietary software comes this report by Popular Science. "Despite the increasing number of more economical options (read also: free) on the market, many people still prefer Microsoft Office over the alternatives available..."

"The only setback? A license can be expensive, especially if you're the one shouldering the fees instead of your company. If you wish to have access to the suite for personal use, you either have to pay recurring fees for a subscription or cough up hundreds in one go for an annual license."

Sounds pretty rough. But through Thursday they're at least getting a temporary price drop: If none of these options appeal to you, maybe this Microsoft Office Home and Business: Lifetime License deal can. For our Deals Day sale, you can grab it on sale for only $39.99 — no coupon needed. This bundle is designed for families, students, and small businesses who want unlimited access to MS Office apps and email without breaking the bank. The license package includes programs you already likely use on the regular, including Word, Excel, PowerPoint, Outlook, Teams, and OneNote.

Upon purchase, you get access to your software license keys and download links instantly. You also get free updates for life across all programs, along with free customer service that offers the best support in case any of the apps run into trouble. The best part? You only have to pay once and you're set for life. The Microsoft Office Home and Business: Lifetime License normally goes for $349, but from today until July 14, you can get it for only $39.99 thanks to the special Deals Day event. Click here for Mac and here for Windows.

iPhone

Apple Launches iPhone Security Tool To Block Targeted Attacks (bloomberg.com) 37

Apple introduced a security tool for iPhone, iPad and Mac devices that is designed to prevent targeted cyberattacks on high-profile users such as activists, journalists and government officials. From a report: The optional feature, called Lockdown Mode, will offer "extreme" protection for a "very small number of users who face grave, targeted attacks," Apple said Wednesday in a statement. The tool vastly reduces the number of physical and digital ways for an attacker to hack a user's device. Apple said the feature is aimed primarily at trying to combat attacks from "spyware" sold by NSO Group and other companies, particularly to state-sponsored groups.

[...] Lockdown Mode will affect the Messages app, FaceTime, Apple online services, configuration profiles, the Safari web browser and wired connections. With the tool in place, the Messages app will block attachments other than images and disable link previews. Those are two common mechanisms that hackers use to infiltrate devices remotely. The web browser, another frequent conduit for hackers, will also be severely limited, with restrictions on certain fonts, web languages and features involving reading PDFs and previewing content. In FaceTime, users won't be able to receive calls from an individual that they haven't previously called within the preceding 30 days.

The 2000 Beanies

Steve Jobs Awarded Posthumous Medal of Freedom By President Biden (theverge.com) 143

Steve Jobs, the co-founder and former CEO of Apple, has been awarded a posthumous Presidential Medal of Freedom by President Joe Biden, the White House announced Friday. The Verge reports: The Presidential Medal of Freedom is the highest US honor that can be given to a civilian, and it's presented to "individuals who have made exemplary contributions to the prosperity, values, or security of the United States, world peace, or other significant societal, public or private endeavors," the White House said in a statement. Jobs founded Apple in April 1976, and it's since become one of the biggest companies in the world. He helped launch many tech products that have gone on to become cultural touchstones, including the Mac, the iPod, and the iPhone. He died on October 5th, 2011.

In its statement, the White House praised Jobs's creative approach to his various endeavors. "Steve Jobs was the co-founder, chief executive, and chair of Apple, Inc., CEO of Pixar and held a leading role at the Walt Disney Company," the White House wrote. "His vision, imagination and creativity led to inventions that have, and continue to, change the way the world communicates, as well as transforming the computer, music, film and wireless industries." The award will be presented on July 7th.
The full list of this year's Presidential Medal of Freedom recipients can be viewed here.
Firefox

Firefox Rolls Out Total Cookie Protection By Default To All Users Worldwide 72

Mozilla: Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site. Whether it's applying for a student loan, seeking treatment or advice through a health site, or browsing an online dating app, massive amounts of your personal information is online -- and this data is leaking all over the web.

The hyper-specific-to-you ads you so often see online are made possible by cookies that are used to track your behavior across sites and build an extremely sophisticated profile of who you are. Recent stories (including an excellent Last Week Tonight episode) have shown how robust, yet under-the-radar, the data selling economy is and how easy it is for anyone to buy your data, combine it with more data about you and use it for a variety of purposes, even beyond advertising. It's an alarming reality -- the possibility that your every move online is being watched, tracked and shared -- and one that's antithetical to the open web we at Mozilla have strived to build. That's why we developed Total Cookie Protection to help keep you safe online.

Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you -- giving you freedom from invasive ads and reducing the amount of information companies gather about you. This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.
Security

The New Spectre-Like 'PACMAN' Flaw Could Affect ARM-Based Chips (including Apple's M1) (mit.edu) 24

"Researchers at MIT have discovered an unfixable vulnerability in Apple Silicon that could allow attackers to bypass a chip's 'last line of defense'," writes the Apple Insider blog, "but most Mac users shouldn't be worried." More specifically, the team at MIT's Computer Science & Artificial Intelligence Laboratory found that Apple's implementation of pointer authentication in the M1 system-on-chip can be overcome with a specific hardware attack they've dubbed "PACMAN." Pointer authentication is a security mechanism in Apple Silicon that makes it more difficult for attackers to modify pointers in memory. By checking for unexpected changes in pointers, the mechanism can help defend a CPU if attackers gain memory access.... The flaw comes into play when an attacker successfully guesses the value of a pointer authentication code and disables it.

The researchers found that they could use a side-channel attack to brute-force the code. PACMAN echoes similar speculative execution attacks like Spectre and Meltdown, which also leveraged microarchitectural side channels. Because it's a flaw in the hardware, it can't be fixed with a software patch.

[A]ctually carrying out the PACMAN attack requires physical access to a device, meaning the average Mac user isn't going to be at risk of exploit. The flaw affects all kinds of ARM-based chips — not just Apple's. The vulnerability is more of a technological demonstration of a wider issue with pointer authentication in ARM chips, rather than an issue that could lead to your Mac getting hacked.

MIT has made more information available at the site PACMANattack.com — including answers to frequently asked questions.

Q: Is PACMAN being used in the wild?
A: No.
Q: Does PACMAN have a logo?
A: Yeah!

The MIT team says their discovery represents "a new way of thinking about how threat models converge in the Spectre era." But even then, MIT's announcement warns the flaw "isn't a magic bypass for all security on the M1 chip." PACMAN can only take an existing bug that pointer authentication protects against, and unleash that bug's true potential for use in an attack by finding the correct PAC. There's no cause for immediate alarm, the scientists say, as PACMAN cannot compromise a system without an existing software bug....

The team showed that the PACMAN attack even works against the kernel, which has "massive implications for future security work on all ARM systems with pointer authentication enabled," says Ravichandran. "Future CPU designers should take care to consider this attack when building the secure systems of tomorrow. Developers should take care to not solely rely on pointer authentication to protect their software."

TechCrunch obtained a comment from Apple: Apple spokesperson Scott Radcliffe provided the following: "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own."
Apple

Apple Plans 15-Inch MacBook Air for 2023 and New 12-Inch Laptop (bloomberg.com) 12

Apple plans to expand the lineup of laptops using its new, speedier in-house chips next year, aiming to grab a bigger share of the market, Bloomberg News reported Thursday, citing people with knowledge of the matter. From the report: The company is working on a larger MacBook Air with a 15-inch screen for release as early as next spring, said the people, who asked not to be identified because the plans aren't public. This would mark the first model of that size in the MacBook Air's 14-year history. Apple is also developing what would be its smallest new laptop in years. The new models underscore Apple's strategy to use homegrown processors to make gains in a market led by Lenovo and HP. The company began splitting from longtime partner Intel in 2020 and announced its latest chip, the M2, at a developers conference earlier this week. Better performance and new designs have helped spur a resurgence for the Mac lineup, which accounts for about 10% of Apple's sales.
OS X

Apple Will Allow Linux VMs To Run Intel Apps With Rosetta In macOS Ventura (arstechnica.com) 35

An anonymous reader quotes a report from Ars Technica: One of the few things that Intel Macs can do that Apple Silicon Macs can't is run operating systems written for Intel or AMD processors inside of virtual machines. Most notably, this has meant that there is currently no legal way to run Windows on an Apple Silicon Mac. Apple Silicon Macs can, however, run operating systems written for Arm processors inside of virtual machines, including other versions of macOS and Arm-compatible versions of Linux. And those Linux VMs are getting a new feature in macOS Ventura: the ability to run apps written for x86 processors using Rosetta, the same binary translation technology that allows Apple Silicon Macs to run apps written for Intel Macs.

Apple's documentation will walk you through the requirements for using Rosetta within a Linux guest operating system -- it requires creating a shared directory that both macOS and Linux can access and running some terminal commands in Linux to get it set up. But once you do those steps, you'll be able to enjoy the wider app compatibility that comes with being able to run x86 code as well as Arm code. Some developers, including Hector Martin of the Asahi Linux project and Twitter user @never_released, have already found that these steps can also enable Rosetta on non-Apple ARM CPUs as long as they're modern enough to support at least version 8.2 of the Arm instruction set. As Martin points out, this isn't strictly legal because of macOS's licensing restrictions, and there are some relatively minor Apple-specific hardware features needed to unlock Rosetta's full capabilities.

Apple

Apple's Finally Making the iPad More Like a Mac (For Multitasking, at Least) (cnet.com) 15

Apple brought its iPad tablet a bit closer to the Mac computers in spirit on Monday at WWDC 2022, announcing new features for its iPadOS 16 software that add better multitasking features. From a report: The new changes to the iPad represent another key shift to the device, aiming to advance the "pro" capabilities of Apple's tablets. While Apple's added to the power and capabilities of its iPads, the software has been criticized by many reviewers, including us at CNET, for not offering enough functionality. [...] Apple also has a collaborative workspace app called Freeform, coming later this year, that will work like a giant whiteboard. Invited collaborators can start adding stuff at the same time.

iPadOS 16 is also aiming to make better use of more advanced iPads that feature Apple's M1 chip. Metal 3 promises better graphics, but Apple's also aiming to add more desktop-like features in apps: Some will have customizable toolbars, and the Files app looks like it's finally getting a little more versatile for file management. M1 iPads are getting display scaling to create an effectively larger-feeling display, allowing more app screen space (but with smaller text and images). There's also free-form window resizing, along with external display support. Both features have been overdue on iPadOS. Stage Manager, a MacOS feature that's coming later this year, is also on iPadOS. The result looks to be windows that can overlap and be different sizes, just like a Mac.

Security

Apple 'Passkeys' Could Finally Kill Off the Password For Good (techcrunch.com) 141

Apple demonstrated "passkeys" at WWDC 2022, a new biometric sign-in standard that could finally kill off the password for good. TechCrunch reports: Passkeys are based on the Web Authentication API (WebAuthn), a standard that uses public-key cryptography instead of passwords for authenticating users to websites and applications, and are stored on-device rather than on a web server. The digital password replacement uses Touch ID or Face ID for biometric verification, which means that rather than having to input a long string of characters, an app or website you're logging into will push a request to your phone for authentication.

During its WWDC demo of the password-free technology, Apple showed how passkeys are backed up within the iCloud Keychain and can be synced across Mac, iPhone, iPad and Apple TV with end-to-end encryption. Users will also be able to sign in to websites and apps on non-Apple devices using an iPhone or iPad to scan a QR code and Touch ID or Face ID to authenticate. "Because it's just a single tap to sign in, it's simultaneously easier, faster and more secure than almost all common forms of authentication today," said Garrett Davidson, an Apple engineer on the Authentication Experience team.

Desktops (Apple)

Apple Announces macOS 13 Ventura, the Next Major Software Update for the Mac (arstechnica.com) 60

As expected, Apple has used the stage at its WWDC 2022 keynote to reveal the features and changes coming to macOS in the next major software update for the platform, macOS 13 Ventura. From a report: Ventura's headlining feature is a new multitasking interface called Stage Manager. It's being billed as a way to fight window clutter on a busy desktop -- enter Stage Manager mode, and one of your windows floats to the center of the screen, pushing your other windows into a compressed navigation column on the left of the screen. Click a different app window on the left, and it will fly to the center of the screen, knocking the app you were using before into the navigation column. Spotlight also gets some handy quality-of-life updates, adding the ability to Quick Look search results directly from the Spotlight window, and the ability to run Shortcuts from within Spotlight.

Safari picks up the ability to share groups of tabs with other users, letting all users add and remove tabs. The browser is also adding a FIDO-compliant security technology called PassKeys, which aim to replace passwords with cryptographically generated keys that sync between devices using iCloud Keychain. Sites that support PassKeys can be opened using TouchID or FaceID. Apple's cross-device Continuity features were also updated. FaceTime calls can be handed off seamlessly between different Macs and iDevices, while Continuity Camera allows you to use an iPhone as a webcam (your iPhone's LED can even be used as a makeshift ring light). Continuity Camera supports Center Stage and Portrait Mode effects, too, though presumably they will require newer iPhones with hardware that supports those features.

Linux

'The Cynic's Guide to Desktop Linux' (theregister.com) 181

The Register has unveiled their "cynic's guide to desktop Linux," which they ultimately concede is a snarky yet affectionate list of "the least bad distros."

For those who are "sick of Windows but can't afford a Mac," the article begins by addressing people who complain there's too many Linux distros to choose from. "We thought we'd simplify things for you by listing how and in which ways the different options suck."

- The year of Linux on the desktop came and went, and nobody noticed — maybe because it doesn't say "Linux" on it. ChromeOS only runs on ChromeBooks and ChromeBoxes, but they outsold Macs for a while before the pandemic. "Flex" is the version for ordinary PCs... ChromeOS Flex works great, because it only does one thing: browse the web. You can't install apps, not even Android ones: only official kit does that. You can run Debian containers: if you know what that means, go run Debian. If you don't know what that means, trust us, you don't want to.

- Ubuntu is an ancient African word that means I can't configure Debian....

- Mint is an Ubuntu remix with knobs on. It was an also-ran for years, but when Ubuntu went all Mac-like it saw its chance and grabbed it — along with the number one spot in the charts. It dispenses with some of the questionable bits of recent Ubuntu, such as GNOME and Snaps, but replaces them with dodgy bits of its own, such as a confusing choice of not one, not two, but three Windows-like desktops, and overly cautious approaches to updates and upgrades.

- Debian is the daddy of free distros, and the one that invented the idea of a packaging tool that automatically installs dependencies. It's easier than it used to be, but mired in politics. It's sort of like Ubuntu, but more out of date, harder to install, and with fewer drivers. If that sounds just your sort of thing, go for it.

There's 10 snarky entries in all, zinging Fedora, openSUSE, Arch Linux, and Pop!_OS — as well as the various spinoffs of Red Hat Enterprise Linux. (The article calls Rocky Linux and AlmaLinux "RHEL with the serial numbers filed off.")

And there's also one final catch-all entry for "Tiny obscure distros. All of them."

Thanks to Slashdot reader AleRunner for sharing the link...
Chrome

New Data Shows Only Two Browsers With More Than 1 Billion Users (arstechnica.com) 111

An anonymous reader quotes a report from Ars Technica: Apple's Safari web browser has more than 1 billion users, according to an estimate by Atlas VPN. Only one other browser has more than a billion users, and that's Google's Chrome. But at nearly 3.4 billion, Chrome still leaves Safari in the dust. It's important to note that these numbers include mobile users, not just desktop users. Likely, Safari's status as the default browser for both the iPhone and iPad plays a much bigger role than its usage on the Mac. Still, it's impressive given that Safari is the only major web browser not available on Android, which is the world's most popular mobile operating system, or Windows, the most popular desktop OS. "The statistics are based on the GlobalStats browser market share percentage, which was then converted into numbers using the Internet World Stats internet user metric to retrieve the exact numbers," explains Atlas VPN in a blog post.
Amiga

'Turn an Old PC Into a High-End Amiga with AmiKit' (amiga.sk) 76

Mike Bouma (Slashdot reader #85,252) writes: AmiKit is a compilation of pre-installed and pre-configured Amiga programs running emulated on Windows, macOS, and Linux (as well as running on classic 68K Amigas expanded with a Vampire upgrade card).

Besides original Workbench (Commodore's desktop environment/graphical filemanager), AmiKit provides Directory Opus Magellan and Scalos as desktop replacements and its "Rabbit Hole" feature allows you to launch Windows, Mac or Linux applications directly from your Amiga desktop! Anti-aliased fonts, Full HD 32-bit screen modes and DualPNG Icons support is included and this package comes with exclusive versions of the Master Control Program (MCP) and MUI 5 (Magic User Interface).

The original AmigaOS (version 3.x) and Kickstart ROM (version 3.1) are required, also the recently released AmigaOS 3.2 is supported. You can also get the needed files from the Amiga Forever package(s). It even supports emulating AmigaOS 4.x (for PowerPC) easily through Flower Pot.

Here's an extensive overview video by Dan Wood. An Amiga Future review of an earlier 2017 version can be read here.

"Everything began in 1994 when my parents bought an Amiga 500 for me and my brother," explains AmiKit's developer.

"I was 14 years old..." Fast forward to 2005, the AmiKit was born — an emulated environment including more than 350 programs. It fully replaced my old Amiga and it became a legend in the community over the years.

Fast forward to 2017, a brand new AmiKit X is released, originally developed for A.L.I.C.E., followed by the XE version released in 2019, Vampire edition in 2020 and Raspberry Pi in 2021. The latest & greatest version was released in 2020.

When someone, who has never heard about Amiga before, asks me why I would want to turn current modern computer into something retro and old fashioned, my short answer is: "Simply because I love Amiga!"

Chrome

Google is Rolling Out Chrome 102 with 32 Security Fixes, One Critical (zdnet.com) 10

This week Google began a rolling release for stable Chrome version 102 "with 32 security fixes for browser on Windows, Mac and Linux," reports ZDNet: Chrome 102 for the desktop includes 32 security fixes reported to Google by external researchers. There's one critical flaw, while eight are high severity, nine are medium severity, and seven are low severity. Google also creates other fixes for issues found through internal testing...

The critical flaw, labelled as CVE-2022-1853, is a 'use after free in IndexedDB', an interface for applications to store data in a user's browser.... "My guess is that an attacker could construct a specially crafted website and take over the visitor's browser by manipulating the IndexedDB," says Pieter Arntz, a malware intelligence researcher at Malwarebytes. None of the flaws fixed in this Chrome 102 stable release were zero days, meaning flaws that were exploited before Google released a patch for it.

Google's Project Zero (GPZ) team last year counted 58 zero-day exploits for popular software in 2021. Twenty-five of these were in browsers, of which 14 affected Chrome. Google engineers argue zero-day counts are rising because vendors are improving detection, fixes and disclosure. However, GPZ researchers argue the industry as a whole is not making zero days hard enough for attackers, who often rely on tweaking existing flaws rather than being forced to conjure up entirely new exploitation methods.

Linux/Mac/Windows users of Chrome can check Help/About to see if the update has already rolled out to their system — or if they need to update manually.
The Internet

Corey B. Marion, Co-Founder of The Iconfactory, Dies Age 54 (appleinsider.com) 8

Designer and co-founder of The Iconfactory, Corey B. Marion, has died following a long battle with cancer. He was 54. AppleInsider reports: Marion founded The Iconfactory in 1996 with Talos Tsui, and Gedeon Maheux, when he was 29. For a quarter of a century, he led the firm while also designing icons -- including the company's own factory logo one -- and created a typeface based on his own handwriting. [...] The Iconfactory produces sets of icons, such as free ones commissioned by Paramount to promote a "Star Trek" film, and over 100 for Microsoft Windows XP. Corey designed logos, emojis, and wallpapers too. Plus from 1997 to 2004, he was a judge on The Iconfactory's annual Pixelpalooza icon design contest, created specifically for the Mac community. "We hope you'll join us in celebrating his life via the digital gifts he gave of himself as well as send warm and comforting wishes to his entire family," says a statement on the front page of the company's site. "Our sadness is tempered by the fact that his art and legacy live on in all of us here at the factory as well as for all those, like yourselves, who have enjoyed his creations over the years."
The Courts

Epic Games Points To Mac's Openness and Security in Its Latest Filing in App Store Antitrust Case (techcrunch.com) 71

In a new court filing, Epic Games challenges Apple's position that third-party app stores would compromise the iPhone's security. And it points to Apple's macOS as an example of how the process of "sideloading" apps -- installing apps outside of Apple's own App Store, that is -- doesn't have to be the threat Apple describes it to be. From a report: Apple's Mac, explains Epic, doesn't have the same constraints as found in the iPhone operating system, iOS, and yet Apple touts the operating system used in Mac computers, macOS, as secure. The Cary, N.C.-based Fortnite maker made these points in its latest brief, among several others, related to its ongoing legal battle with Apple over its control of the App Store. Epic Games wants to earn the right to deliver Fortnite to iPhone users outside the App Store, or at the very least, be able to use its own payment processing system so it can stop paying Apple commissions for the ability to deliver its software to iPhone users.
Security

Apple Patches Dozens of Security Flaws With iOS 15.5, Over 50 Fixes For macOS 12.4 (9to5mac.com) 21

Apple has released iOS 15.5, macOS 12.4, and more today with updates like new features for Apple Cash, the Podcasts app, and the Studio Display webcam fix. However, a bigger reason to update your devices is the security patches with today's releases. iOS 15.5 includes almost 30 security fixes while macOS 12.4 features over 50. 9to5Mac reports: Apple shared all the details for the security fixes in its latest software for iPhone, iPad, Mac, and more on its support page. For both iOS and Mac, many of the flaws could allow malicious apps to execute arbitrary code with kernel privileges. Another for iOS says "A remote attacker may be able to cause unexpected application termination or arbitrary code execution." Specifically on Mac, one of the 50+ flaws fixed was that "Photo location information may persist after it is removed with Preview Inspector." Important security updates are also available for macOS Big Sur with 11.6.6, macOS Catalina, Xcode 13.4, and watchOS 8.6.
Desktops (Apple)

Apple Silicon Exclusively Hit With World-First 'Augury' DMP Vulnerability (tomshardware.com) 67

An anonymous reader quotes a report from Tom's Hardware: A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed "Augury," that's exclusive to Apple Silicon. If exploited, the vulnerability could allow attackers to siphon off "at rest" data, meaning the data doesn't even need to be accessed by the processing cores to be exposed. Augury takes advantage of Apple Silicon's DMP feature. This prefetcher aims to improve system performance by being aware of the entire memory content, which allows it to improve system performance by pre-fetching data before it's needed. Usually, memory access is limited and compartmentalized in order to increase system security, but Apple's DMP prefetch can overshoot the set of memory pointers, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth.

If you feel your mind grasping at a certain familiarity with this, it's likely because the infamous Spectre/Meltdown vulnerabilities also try and speculate what data will be required by the system before it's even requested (hence the term speculative execution). But while side-channel vulnerabilities such as Spectre and Meltdown are only capable of leaking in-use data, Apple's DMP can potentially leak the entire memory content even if it's not being actively accessed. The nature of Apple's DMP also renders void some of the already-engineered fixes for speculative execution vulnerabilities -- those that rely on controlling what is visible to the processing cores.
The researchers said that Apple is fully aware of their discoveries, but there are no plans for whether or not the company will deploy mitigations.
Chrome

Chrome's Latest Update: 30 Security Fixes and Bug Details Kept 'Restricted' (hothardware.com) 28

Hot Hardware warns that on Tuesday, the Stable Channel for Chrome's desktop edition "had an update on April 26, 2022. That update includes 30 security fixes, some of them so bad that Google is urging all users to update immediately." The release notes for Google's Chrome v101.0.4951.41 for Windows, Mac, and Linux has a long list of bug fixes; you can view it here. However, there's also a key statement in that page.

"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed...."

Effectively the non-developer translation of the quote above is that something so significant was found, the details are being kept hidden.
